URL:Mal

When using IE, I keep getting the following popup from Avast. I’m running the Free version. It’s extremely annoying. If I use Firefox, I don’t have this pop up. Please advise how it can be fixed.

You just dodged a bullet
You may be wondering how you ended up with a virus, especially if you were visiting a ‘normal’ site. The latest research from the avast! Virus Lab shows that more than 80% of malware (viruses, spyware, and the like) spreads through legitimate websites, with only 1% coming from suspicious or ‘dodgy’ sites.

Good thing avast! had your back.

URL: "http://includeit.info/scripts/inl_dmmtc/inldmmtch.js
Process: "C:\Program Files\Internet Explorer\iexplore.exe
Infection: “URL:Mal”

http://zulu.zscaler.com/submission/show/dfd2a87690c5f29f63f5617e40d2b775-1339435717

I’m having the same problem, but in FF13. Did you resolve yours? A French and German dude(tte) seem to have the same problem, but otherwise Google returns no search results. It happens every single time I refresh and also other times.

No, mine hasn’t been resolved and no one has come up with any suggestions. I’m seeing tons of posts on the same problem.

Someone, help please!!! This is so annoying and Avast doesn’t appear to be concerned about people using their free version. With this type of support, I certainly am not motivated to purchase a full version.

@ rbabyak

  • Please ‘modify’ your post and change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.

Do you happen to be trying to connect to that website?

Avast isn’t the only one to consider that site malicious/suspicious http://sitecheck.sucuri.net/results/includeit.info, though the site appears to have been taken down by the host.

If you aren’t trying to connect to that site, then there is a possibility that your browser may have been exploited to redirect to malicious sites.

  • This needs further analysis by a malware removal specialist:
    Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

Here is the OTL file you requested.

I ran the scan as instructed. Since you didn’t request the extras file, I am not attaching it.

I didn’t specifically request anything other than you read the information and attach the log(s), which include more than just OTL so that a specialist can analyse them. I’m just preparing the ground.

I sent the OTL log and am running the aswMBR scan. It’s been running for a long time and appears to have stopped without completion. It’s been on the same file for over 45 minutes.

Please advise.

I would stop it and run it again, but in the AV Scan selection, rather than Quick, select None; that should hopefully at least allow it to complete. You can also attach the extras.txt, since OTL is complete.

There is not a great deal showing there - I will need the aswMBR log

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from “Start with Windows”
Reboot and then run OTL

http://i1224.photobucket.com/albums/ee362/Essexboy3/mbamstop.jpg

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Documents and Settings\PC1\Application Data\Complitly\Complitly.dll (SimplyGen)
O3 - HKU\S-1-5-21-4006778571-1867818608-3964762099-1004\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKU\S-1-5-21-4006778571-1867818608-3964762099-1004..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://connectwisepartnersummit.com/breakout-sessions/i-want-more-than-connectwise-reports-and-dashboards/" File not found

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks for joining the topic essexboy.

Attached are the Extras.txt, MBR.dat and aswMBR.txt files.

I’ve got this problem too! Hope it gets fixed for you, then I might give it a go.

btw I’m using Chrome, would it have something to do with JavaScript console???

Please start a new topic and attach your logs.
You can’t use the advice given here, as it’s only relevant for the OP’s system.

Edit: Typo.

I don’t know if you received my downloads, so I’m attaching them again.
I was going to upload the MBR.dat but it’s not permitted. Please let me know if this file is needed also.

Are you still getting the alerts?

Yes

OK phase two

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Combo Fix file